My outbound SMTP shut down yesterday due to 8000 messages hitting our external relay. We are allocated 750 per day. I have run tests; we are not an open relay for spam. So now I am doing forensics, trying to determine what caused this. Symantec Endpoint has found no viruses anywhere, Microsoft Antigen has been trapping a butt load of them lately, but there is nothing in those logs that would be conclusive. I had to redirect the outgoing queue, delete the messages out of it, and reset our daily message allocation to revive the SMTP connector. Our SonicWall report was not much help other than identifying some high-volume IP traffic. If anyone has experienced this before, I would love to know what your verdict was so I can prevent it from happening again.

3 Replies

Try to set up a sniffer in front of your server and check your traffic. I once had a USB drive-by virus (love those USB drives) that was memory-resident and tried to spew a lot of spam from a couple of machines.

Also, check for macros that might use your email client to send spam (it's old, but sometimes someone opens an old doc with a macro virus and things like this happen).

Where's your 'outbound' SMTP server? Is it separate from the inbound SMTP server? Your SMTP logs should be able to show you where all this traffic is coming from.

However, when you say you're limited to 750 outbound emails a day, it sounds like you're hosted. If that's the case, and the SMTP server's not even in your network, I would consider it the hosting provider's obligation to ensure that they are only counting valid email from your network as email you've sent.

Then again, you could have a user who decided to do an email blast to 8000 users.

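One way to do the log triage the reply above suggests, as an added example that is not code from this thread: it aggregates relay log lines per client host and flags any host that dominates the volume, exceeds the daily quota, or sends under many different From addresses (a typical sign of a spam-bot rather than a legitimate mail blast). The log format and all sample lines are constructed and hypothetical; a real Exchange or Postfix log needs its own regex.

```python
import re
from collections import Counter, defaultdict

# Hypothetical relay log format (constructed for this example, not real product output):
#   <timestamp> client=<ip> from=<sender> to=<recipient> status=<sent|deferred>
LINE_RE = re.compile(r"client=(?P<ip>\S+)\s+from=(?P<sender>\S+)\s+to=(?P<rcpt>\S+)")


def _build_sample():
    """Constructed sample: two normal workstations plus one host spewing under forged senders."""
    lines = [
        "2009-03-02T09:00:01 client=10.1.1.15 from=alice@corp.example to=bob@partner.example status=sent",
        "2009-03-02T09:05:12 client=10.1.1.22 from=carol@corp.example to=dan@partner.example status=sent",
        "2009-03-02T09:07:40 client=10.1.1.15 from=alice@corp.example to=erin@partner.example status=sent",
    ]
    for i in range(12):
        lines.append(f"2009-03-02T09:10:{i:02d} client=10.1.1.99 "
                     f"from=user{i}@random{i}.example to=victim{i}@elsewhere.example status=sent")
    return "\n".join(lines)


SAMPLE_LOG = _build_sample()


def summarize(log_text):
    """Count messages per client IP and the distinct From addresses each client used."""
    per_client = Counter()
    senders = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not message submissions
        per_client[m["ip"]] += 1
        senders[m["ip"]][m["sender"]] += 1
    return per_client, senders


def suspicious_clients(log_text, daily_quota=750, share=0.5, max_senders=5):
    """Flag hosts exceeding the quota, dominating the volume, or using many From addresses."""
    per_client, senders = summarize(log_text)
    total = sum(per_client.values())
    flagged = []
    for ip, n in per_client.most_common():
        distinct = len(senders[ip])
        if n > daily_quota or (total and n / total >= share) or distinct > max_senders:
            flagged.append({"client": ip, "messages": n, "distinct_senders": distinct,
                            "top_senders": senders[ip].most_common(3)})
    return flagged


if __name__ == "__main__":
    for entry in suspicious_clients(SAMPLE_LOG):
        print(entry)
```

The flagged client IP is the machine to pull off the network and image before the relay is re-enabled; the distinct-sender count separates a bot forging addresses from one user sending a large but legitimate blast.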
